Re: Congressman Ed Markey Wants Security Researcher Arrested

["Dude VanWinkle" <dudevanwinkle () gmail com>]

Until  he attempts to use one, it isnt fraud, its art.

Money and official documents are different. They have legislation
protecting them. I dont think airline tickets have the same
protection, but I could be wrong

-JP

On 10/28/06, Kevin Johnson <kjohnson () secureideas net> wrote:
> On Oct 27, 2006, at 11:24 PM, Nick FitzGerald wrote:
>
> Larry Seltzer wrote:
>
>
> I know this makes me a fascist around here but this bothers me a lot. He's
> facilitating fraud, and the fact that he himself says they're not good
> enough to get you on a plane makes me doubt the value of his research.
> Suppose he was making  software to print $100 bills. Is that OK because it
> shows weaknesses in the currency?
>
> And if he or anyone else uses these they definitely should be busted.
>
>
> Then I guess we need more fascists. ; )
>
> I think you've missed the point...
>
> I don't think Larry did.  I think his comment was toward the act
> not the system.
>
>
> _If_ these forgeries are good enough to get through initial (usually
> just the briefest of eye-balling and often kerbside) screening _AND_
> that opens the whole system up to some much bigger threat _THEN_ the
> whole system is totally borked from tip to toe.
>
> snip
>
> In no way does this contradict what Larry said.  I think it may be a little
> extreme saying it is totally borked, but forgeries are an issue that all
> systems need to take into account.  If the system doesn't, then that
> needs to be fixed.
>
> _IF_ the current system cannot filter out those carrying fake boarding
> passes, _THEN_ the current system _IS BROKEN_.
>
> snip
>
> Again, I don't think Larry or myself disagree with this.
>
>
> Yes, what he's doing is technically fraud, but to even suggest it
> begins to equate with forging $100 bills is reactionary nonsense.
> Actually I think the two are very similar.  Fraud is fraud.  Saying
> something
> is technically fraud is the same as saying your girlfriend is slightly
> pregnant.
> It either is or it isn't.  I personally have no problem with someone
> generating
> a single fake ticket that was only there to show that a fake was possible.
> Mark
> it as fake and make your point.  But putting up a site that generates the
> tickets
> is to far.  I think that we as an industry allow people way to much leeway
> when
> they assign themselves the title security researcher.
>
> Thanks
> Kevin
> ---------------------
> GCIA, GCIH
> BASE Project Lead
> http://base.secureideas.net
> The next step in IDS analysis!
>
>
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.